ICS security trends

As the Industrial Internet of Things (IIoT) becomes more prevalent, there is a greater risk for intentional and unintentional cyber security breaches. Industrial control system (ICS) security should focus on advanced security-focused products; security as an attribute of all Ethernet devices; and further adoption of defense-in-depth as major trends going forward.


Cyber security has been increasing in importance in industrial facilities since the discovery of Stuxnet in 2010. More recently, there's been the rise of the Industrial Internet of Things (IIoT) with its increased numbers of connected devices and links to the Internet and business systems.

More IIoT-related entry points to industrial communications infrastructure means more cyber risk from not only intentional attacks but also from unintentional sources such as device failure, operator error, and malware. In manufacturing and process control environments this means higher risk to physical devices and processes and the possibility of physical, not just digital, damage.

What does this imply for industrial control system (ICS) security going forward? There are three trends to consider: advanced security-focused products; security as an attribute of all Ethernet devices; and further adoption of defense-in-depth. 

Advanced industrial security-focused products

The first trend is that increased cyber security risk is leading vendors to develop advanced technologies that deal with the particular challenges of control system security. One of these challenges is the widespread use of ICS communication protocols that were not designed with security in mind. Securing them without impacting their control functionality requires advanced technology.

An example is the deep packet inspection (DPI) capability. On the one hand, intrusion detection systems (IDS) monitor only for broad categories of basic attacks. On the other hand, most firewalls use access control lists or stateful firewalls to either allow or block all messages of an industrial protocol such as Modbus TCP.

DPI, however, digs deeper to understand what the protocol is being used for and provide protection, not just detection. DPI does this, for instance, by determining if a Modbus message is read or write and dropping all write messages, or only allowing writes of particular registers. This allows the protection to be exactly tailored to the application, allowing essential control messages to communicate as required while blocking potentially dangerous or inappropriate messages.
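The read/write decision described above can be sketched as a small Modbus TCP request filter. This is an added example, not code from the article or from any vendor product; the allowed register numbers and the names `inspect` and `build_request` are assumptions made for illustration.

```python
import struct

READ_FUNCS = {1, 2, 3, 4}             # read coils, discrete inputs, holding and input registers
ALLOWED_WRITE_REGISTERS = {100, 101}  # assumption: the only registers this application may write

def inspect(adu: bytes, allowed=ALLOWED_WRITE_REGISTERS) -> str:
    """Return 'ALLOW' or 'DROP' for one Modbus TCP request (MBAP header + PDU)."""
    if len(adu) < 8:
        return "DROP"                              # too short for header + function code
    _tid, proto, length, _unit = struct.unpack(">HHHB", adu[:7])
    if proto != 0 or length != len(adu) - 6:       # length field counts unit id + PDU
        return "DROP"
    pdu = adu[7:]
    func = pdu[0]
    if func in READ_FUNCS:                         # reads pass if well formed
        return "ALLOW" if len(pdu) == 5 else "DROP"
    if func == 6 and len(pdu) == 5:                # Write Single Register
        addr, _value = struct.unpack(">HH", pdu[1:5])
        return "ALLOW" if addr in allowed else "DROP"
    if func == 16 and len(pdu) >= 6:               # Write Multiple Registers
        addr, qty, nbytes = struct.unpack(">HHB", pdu[1:6])
        if qty == 0 or nbytes != 2 * qty or len(pdu) != 6 + nbytes:
            return "DROP"                          # inconsistent counts: malformed
        in_range = all(a in allowed for a in range(addr, addr + qty))
        return "ALLOW" if in_range else "DROP"
    return "DROP"                                  # coil writes, unknown codes: fail closed

def build_request(func: int, body: bytes, tid: int = 1, unit: int = 1) -> bytes:
    """Build a constructed sample request for exercising the filter."""
    pdu = bytes([func]) + body
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

# Constructed sample traffic (not captured from a real network).
SAMPLES = {
    "read 10 holding registers": build_request(3, struct.pack(">HH", 0, 10)),
    "write register 100": build_request(6, struct.pack(">HH", 100, 55)),
    "write register 200": build_request(6, struct.pack(">HH", 200, 55)),
    "write registers 100-101": build_request(16, struct.pack(">HHBHH", 100, 2, 4, 1, 2)),
    "write registers 101-102": build_request(16, struct.pack(">HHBHH", 101, 2, 4, 1, 2)),
    "write single coil": build_request(5, struct.pack(">HH", 0, 0xFF00)),
}

if __name__ == "__main__":
    for name, adu in SAMPLES.items():
        print(f"{name:28s} {inspect(adu)}")
```

A stateful firewall or access control list would treat all six samples alike, since they share the same TCP port; the filter separates them by function code and target register, and drops anything it cannot parse.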

Security built-in to Ethernet networking devices

Ethernet networking devices such as industrial routers, switches, and firewalls are at every connection point of the ICS network. This makes them ideal security sentinels to identify and control traffic entering and leaving at all points of the communications infrastructure. However, studies show most industrial cyber incidents are unintentional. These incidents occur due to human error, a software or device flaw, or the inadvertent introduction of malware. This means ICS security needs to protect from "friends and neighbors" as well as "enemies." A focused effort to evolve all Ethernet devices to play an active role in their own security can help mitigate some of these risks.

Further adoption of defense-in-depth best practices

The principles of defense-in-depth, as per ISA/IEC 62443 (formerly ISA 99), have been well understood and readily adopted into many perceived "high risk" applications. However, in both the installed base of control systems and new deployments, many industrial networks still do not follow these principles.

Perhaps this is because many industrial engineers and operators have viewed cyber security as being relevant only for protection from intentional attacks from hackers. Most industrial cyber incidents are unintentional, and they don't target only high-profile systems. Human error and device flaws can happen to anyone.

Defense-in-depth is as much about enhancing system reliability and resiliency as it is about security. As this realization spreads, the adoption of defense-in-depth practices will increase.

Good cyber security is an ongoing process. That means vigilance: users monitor communication systems for unusual activity or configuration changes and investigate alterations and anomalies. Get started on better cyber security today and make it a focus area for continuous improvement.

Heather MacKenzie is with Tofino Security, a Belden company; Jeff Lund is responsible for Belden's product initiatives related to the Industrial Internet of Things (IIoT). This content originally appeared on ISSSource.com. Edited by Chris Vavra, production editor, CFE Media, Control Engineering, cvavra@cfemedia.com.
